Service Fabric
Monthly
Remote code execution in Microsoft Fabric Data Warehouse allows an authenticated attacker to run arbitrary code over the network by triggering a stack-based buffer overflow (CWE-121). The flaw carries a CVSS 8.8 rating with high impact to confidentiality, integrity, and availability, and requires only low-privilege access with no user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but a vendor patch is available via MSRC.
Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Remote code execution in Microsoft Fabric Data Warehouse allows an authenticated attacker to run arbitrary code over the network by triggering a stack-based buffer overflow (CWE-121). The flaw carries a CVSS 8.8 rating with high impact to confidentiality, integrity, and availability, and requires only low-privilege access with no user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but a vendor patch is available via MSRC.
Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.